smolnar82 opened a new pull request, #623: URL: https://github.com/apache/knox/pull/623
## What changes were proposed in this pull request? As described in [KNOX-2794](https://issues.apache.org/jira/browse/KNOX-2794), the JWT federation filter is enhanced to support authentication using ## How was this patch tested? Updated existing JUnit test classes and have new test cases to cover the new functionality. In addition to unit testing a comprehensive manual test steps were executed as follows: 1. Deployed a new topology called `tokenexchange`: ``` <?xml version="1.0" encoding="UTF-8"?> <topology> <name>tokenexchanged</name> <gateway> <provider> <role>federation</role> <name>JWTProvider</name> <enabled>true</enabled> <param> <name>knox.token.use.cookie</name> <value>true</value> </param> <!-- <param> <name>knox.token.cookie.name</name> <value>customCookieName</value> </param> --> <param> <name>knox.token.exp.server-managed</name> <value>true</value> </param> </provider> </gateway> <service> <role>KNOXTOKEN</role> <param> <name>knox.token.ttl</name> <value>36000000</value> </param> </service> </topology> ``` Started Knox and ran the following `curl` commands. Please note that at one point I included the `knox.token.cookie.name` configuration too (see below cases): **1. Valid hadoop-jwt cookie** ``` curl -iku : --cookie "hadoop-jwt=eyJraWQiOiJ0Q2dMV1VZbVZ0MlpweVhLNXJUdHA4WDVLTno2TjNYYl85TzZUdE95aUR3IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJhZG1pbiIsImtpZCI6InRDZ0xXVVltVnQyWnB5WEs1clR0cDhYNUtOejZOM1hiXzlPNlR0T3lpRHciLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNjYxMzMzMjA3LCJtYW5hZ2VkLnRva2VuIjoiZmFsc2UiLCJrbm94LmlkIjoiMTFjMDIyNWMtNTU5Zi00MTE2LWE3M2ItYjhhM2JmZGIwODA1In0.E1qoRKx50g6czHwGh3UVwqqNGpQS3sWckJAEAFQuqmC8LQG2ocrRx3NXgcyvlqjMpeRBMLYMflsUA_b_6lG9adHld-Dy_fhAKknNuZR82nj8jNkrFPPf55C6Uc3NshjK-N_yp_1NSEjN6HKI7UKMJX5oL3xDCYAhQhjFQga3EXDPdh1Rvo7RY0s-em3KHH-gT4UCdS_WT7u5mC2BKXI3o4a8yoAV0iFaIvdO4FPWxyIe4A_r9Vt0EiZezga3hvr8HPR3LRBWGpaW-4J-0KUTb2SsB6vXSuBTKxXns3jA2W8MDzb4cMm4LmIaaBt3H7npk7x-hljzNKhZdSFjb83z9g" -X GET https://localhost:8443/gateway/tokenexchange/knoxtoken/api/v1/token HTTP/1.1 200 OK Date: Tue, 23 Aug 2022 09:28:45 GMT Content-Type: application/json Content-Length: 2253 {"access_token":"eyJqa3UiOiJodHRwczpcL1wvbG9jYWxob3N0Ojg0NDNcL2dhdGV3YXlcL3Rva2VuZXhjaGFuZ2VcL2tub3h0b2tlblwvYXBpXC92MVwvandrcy5qc29uIiwia2lkIjoidENnTFdVWW1WdDJacHlYSzVyVHRwOFg1S056Nk4zWGJfOU82VHRPeWlEdyIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJhZG1pbiIsImprdSI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6ODQ0M1wvZ2F0ZXdheVwvdG9rZW5leGNoYW5nZVwva25veHRva2VuXC9hcGlcL3YxXC9qd2tzLmpzb24iLCJraWQiOiJ0Q2dMV1VZbVZ0MlpweVhLNXJUdHA4WDVLTno2TjNYYl85TzZUdE95aUR3IiwiaXNzIjoiS05PWFNTTyIsImV4cCI6MTY2MTI4MjkyNSwibWFuYWdlZC50b2tlbiI6ImZhbHNlIiwia25veC5pZCI6ImVhZjRlMWY4LWIwNTktNDkxYS05Mjg0LWNhYTEyZDVlMzdjNyJ9.fnn3LHZ_JQWPe8wqi-4Jn_IAg3N9NNhNYLH0DBU3yVmJo1X60U3ab6q-5hAKUwHAzSnQNoGEdTOevKlqfJJqyIf928nISqz_zoO9rZD4os91OfIZpaS0EiovNf8W1FzIEWV-zUO2kVtBJ6ALV_vtrL4c_RrEWnd1zwUWosn2qYIe5_6kw_QAjuqmKRYnOoxCwf4BVJUBn92dlqi16syzCWOEKYI8LF14MjfLYnLXnUqO6urt5VRYR28n5JYEhkQuZYsdT30bLWp3rf9MtFNu9X11tnAoAt15L6KE3kbknO35SM2t9bEbMfWUVzAW_5X7pYoNTQiwXIROyHuuyfZ26w","token_id":"eaf4e1f8-b059-491a-9284-caa12d5e37c7","managed":"false","endpoint _public_cert":"MIIDeDCCAmCgAwIBAgIIOD6cdHBctFAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFRlc3QxDTALBgNVBAcTBFRlc3QxDzANBgNVBAoTBkhhZG9vcDENMAsGA1UECxMEVGVzdDESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTIyMDgyMzA5MjYwOFoXDTIzMDgyMzA5MjYwOFowXzELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFRlc3QxDTALBgNVBAcTBFRlc3QxDzANBgNVBAoTBkhhZG9vcDENMAsGA1UECxMEVGVzdDESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVGicpMnDjNlOgpmi8UM9eNlwiiECSLWbYXl7qEfZPknNb2KznOFJOopbiifqStw6AvEWCujCE4+0EBQlK+x7Q9/9v3/uUvrfTcNASw7OybAnGQXSJtCMJEAaxN8YHu9SxVh2XgdmpX+ZOpue4Ow6F2e+MW0uDD+gLFv/uBuoe96FBvtc7KGfH0OnXoNgKHK2bJfhpeV9W1E0SViVdmH0WcGUghfiA29aiKRCsV68MVU3qqBc6IoNe9lpTgqojHxLNR+AIcPugWQRB7Z2/Ep3cbCLQQkUlkqWKaONtDdwixjYM4HIo9Kih8+QkQd7TQ/GhZODfaN6V8zzK+dDNejswIDAQABozgwNjA0BgNVHREELTArghNzbW9sbmFyLU1CUDE2LmxvY2Fsgglsb2NhbGhvc3SCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQUFAAOCAQEAebpUaoqmPv+TFA6LUf/6zfNemn0g0gIAqw0IJUokCEcKD8Hc281cwEfuIGn3mqbtaov1MRZm2Xf57dbCdq63Og2DxU/0U9E2nHGY7q7AvsFCg9rAFNjqjViH0i1Qbl3VAUZdAt OKT6ywh5cSi2oWRxg2RxGnauTm21rk4Q9+bzUdpRKngDAA5Hjs24Msh9TaZmVCJyPh1DX6fAhgj3QOQhyNNEdH+X42PEG4TOYIsQK7MtVl6UfZzK5hd3NPymXiS+FhCrKbcWBT3vx4L6kpzkrcupF1BTEe4g5nX0nNK3SgXhQ7j2r7QSNQpqlzPYW49uKti8hlE718k4+bAEqgkQ==","token_type":"Bearer","expires_in":1661282925099} ``` **2. Invalid hadoop-jwt cookie (removed a character at the end of the supplied cookie)** ``` curl -iku : --cookie "hadoop-jwt=eyJraWQiOiJ0Q2dMV1VZbVZ0MlpweVhLNXJUdHA4WDVLTno2TjNYYl85TzZUdE95aUR3IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJhZG1pbiIsImtpZCI6InRDZ0xXVVltVnQyWnB5WEs1clR0cDhYNUtOejZOM1hiXzlPNlR0T3lpRHciLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNjYxMzMzMjA3LCJtYW5hZ2VkLnRva2VuIjoiZmFsc2UiLCJrbm94LmlkIjoiMTFjMDIyNWMtNTU5Zi00MTE2LWE3M2ItYjhhM2JmZGIwODA1In0.E1qoRKx50g6czHwGh3UVwqqNGpQS3sWckJAEAFQuqmC8LQG2ocrRx3NXgcyvlqjMpeRBMLYMflsUA_b_6lG9adHld-Dy_fhAKknNuZR82nj8jNkrFPPf55C6Uc3NshjK-N_yp_1NSEjN6HKI7UKMJX5oL3xDCYAhQhjFQga3EXDPdh1Rvo7RY0s-em3KHH-gT4UCdS_WT7u5mC2BKXI3o4a8yoAV0iFaIvdO4FPWxyIe4A_r9Vt0EiZezga3hvr8HPR3LRBWGpaW-4J-0KUTb2SsB6vXSuBTKxXns3jA2W8MDzb4cMm4LmIaaBt3H7npk7x-hljzNKhZdSFjb83z9" -X GET https://localhost:8443/gateway/tokenexchange/knoxtoken/api/v1/token HTTP/1.1 401 Unauthorized Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html;charset=iso-8859-1 Content-Length: 497 <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> <title>Error 401 There is no valid cookie found</title> </head> <body><h2>HTTP ERROR 401 There is no valid cookie found</h2> <table> <tr><th>URI:</th><td>/gateway/tokenexchange/knoxtoken/api/v1/token</td></tr> <tr><th>STATUS:</th><td>401</td></tr> <tr><th>MESSAGE:</th><td>There is no valid cookie found</td></tr> <tr><th>SERVLET:</th><td>tokenexchange-knox-gateway-servlet</td></tr> </table> </body> </html> ``` **3. Invalid cookie name (custom cookie name is not included this time)** ``` curl -iku : --cookie "customCookieName=eyJraWQiOiJ0Q2dMV1VZbVZ0MlpweVhLNXJUdHA4WDVLTno2TjNYYl85TzZUdE95aUR3IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJhZG1pbiIsImtpZCI6InRDZ0xXVVltVnQyWnB5WEs1clR0cDhYNUtOejZOM1hiXzlPNlR0T3lpRHciLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNjYxMzMzMjA3LCJtYW5hZ2VkLnRva2VuIjoiZmFsc2UiLCJrbm94LmlkIjoiMTFjMDIyNWMtNTU5Zi00MTE2LWE3M2ItYjhhM2JmZGIwODA1In0.E1qoRKx50g6czHwGh3UVwqqNGpQS3sWckJAEAFQuqmC8LQG2ocrRx3NXgcyvlqjMpeRBMLYMflsUA_b_6lG9adHld-Dy_fhAKknNuZR82nj8jNkrFPPf55C6Uc3NshjK-N_yp_1NSEjN6HKI7UKMJX5oL3xDCYAhQhjFQga3EXDPdh1Rvo7RY0s-em3KHH-gT4UCdS_WT7u5mC2BKXI3o4a8yoAV0iFaIvdO4FPWxyIe4A_r9Vt0EiZezga3hvr8HPR3LRBWGpaW-4J-0KUTb2SsB6vXSuBTKxXns3jA2W8MDzb4cMm4LmIaaBt3H7npk7x-hljzNKhZdSFjb83z9g" -X GET https://localhost:8443/gateway/tokenexchange/knoxtoken/api/v1/token HTTP/1.1 401 Unauthorized Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html;charset=iso-8859-1 Content-Length: 443 <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> <title>Error 401 Unauthorized</title> </head> <body><h2>HTTP ERROR 401 Unauthorized</h2> <table> <tr><th>URI:</th><td>/gateway/tokenexchange/knoxtoken/api/v1/token</td></tr> <tr><th>STATUS:</th><td>401</td></tr> <tr><th>MESSAGE:</th><td>Unauthorized</td></tr> <tr><th>SERVLET:</th><td>tokenexchange-knox-gateway-servlet</td></tr> </table> </body> </html> ``` **4. Using custom cookie name (included knox.token.cookie.name is set to 'customCookieName')** ``` curl -iku : --cookie "customCookieName=eyJraWQiOiJ0Q2dMV1VZbVZ0MlpweVhLNXJUdHA4WDVLTno2TjNYYl85TzZUdE95aUR3IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJhZG1pbiIsImtpZCI6InRDZ0xXVVltVnQyWnB5WEs1clR0cDhYNUtOejZOM1hiXzlPNlR0T3lpRHciLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNjYxMzMzMjA3LCJtYW5hZ2VkLnRva2VuIjoiZmFsc2UiLCJrbm94LmlkIjoiMTFjMDIyNWMtNTU5Zi00MTE2LWE3M2ItYjhhM2JmZGIwODA1In0.E1qoRKx50g6czHwGh3UVwqqNGpQS3sWckJAEAFQuqmC8LQG2ocrRx3NXgcyvlqjMpeRBMLYMflsUA_b_6lG9adHld-Dy_fhAKknNuZR82nj8jNkrFPPf55C6Uc3NshjK-N_yp_1NSEjN6HKI7UKMJX5oL3xDCYAhQhjFQga3EXDPdh1Rvo7RY0s-em3KHH-gT4UCdS_WT7u5mC2BKXI3o4a8yoAV0iFaIvdO4FPWxyIe4A_r9Vt0EiZezga3hvr8HPR3LRBWGpaW-4J-0KUTb2SsB6vXSuBTKxXns3jA2W8MDzb4cMm4LmIaaBt3H7npk7x-hljzNKhZdSFjb83z9g" -X GET https://localhost:8443/gateway/tokenexchange/knoxtoken/api/v1/token HTTP/1.1 200 OK Date: Tue, 23 Aug 2022 09:33:44 GMT Content-Type: application/json Content-Length: 2253 {"access_token":"eyJqa3UiOiJodHRwczpcL1wvbG9jYWxob3N0Ojg0NDNcL2dhdGV3YXlcL3Rva2VuZXhjaGFuZ2VcL2tub3h0b2tlblwvYXBpXC92MVwvandrcy5qc29uIiwia2lkIjoidENnTFdVWW1WdDJacHlYSzVyVHRwOFg1S056Nk4zWGJfOU82VHRPeWlEdyIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJhZG1pbiIsImprdSI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6ODQ0M1wvZ2F0ZXdheVwvdG9rZW5leGNoYW5nZVwva25veHRva2VuXC9hcGlcL3YxXC9qd2tzLmpzb24iLCJraWQiOiJ0Q2dMV1VZbVZ0MlpweVhLNXJUdHA4WDVLTno2TjNYYl85TzZUdE95aUR3IiwiaXNzIjoiS05PWFNTTyIsImV4cCI6MTY2MTI4MzIyNCwibWFuYWdlZC50b2tlbiI6ImZhbHNlIiwia25veC5pZCI6IjA4N2VmZGNjLTVhOWMtNDJjZC1hMDY1LWMwZGM1MmQ4MGQ4MSJ9.IkUPTxbjwnJpnt2Vo7t7ZfhiyX_5Edag5vtVnYrHPiuqcTgoIkLVp-eQI9IB-tS3Zh9FFpfH-qZ_0wupiWW7f-7m2zZApidF4KyFI_--W4gvGXJnFeLeDtR7YNSHtQEbJmqJFPJn1TD6YRmK_Z7hCT1LJm84x8QYwo1FsaXkk3XVgNlo6SpPiyvZjlYHQAHMaeFPHyAuWedinZjCMHr8dYp5Ck-wWPmmsPyIHC9jMKhVyLRiaYRVYg8Tl4LCXzCSFucWVHoR7ydtjrypV3-5HIdn7VU0HUEpE5UKiozhQx0IG6KYiYECq-xJ6F45oJlhx03SrZBlRI-zLO76UiMlNQ","token_id":"087efdcc-5a9c-42cd-a065-c0dc52d80d81","managed":"false","endpoint _public_cert":"MIIDeDCCAmCgAwIBAgIIOD6cdHBctFAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFRlc3QxDTALBgNVBAcTBFRlc3QxDzANBgNVBAoTBkhhZG9vcDENMAsGA1UECxMEVGVzdDESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTIyMDgyMzA5MjYwOFoXDTIzMDgyMzA5MjYwOFowXzELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFRlc3QxDTALBgNVBAcTBFRlc3QxDzANBgNVBAoTBkhhZG9vcDENMAsGA1UECxMEVGVzdDESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVGicpMnDjNlOgpmi8UM9eNlwiiECSLWbYXl7qEfZPknNb2KznOFJOopbiifqStw6AvEWCujCE4+0EBQlK+x7Q9/9v3/uUvrfTcNASw7OybAnGQXSJtCMJEAaxN8YHu9SxVh2XgdmpX+ZOpue4Ow6F2e+MW0uDD+gLFv/uBuoe96FBvtc7KGfH0OnXoNgKHK2bJfhpeV9W1E0SViVdmH0WcGUghfiA29aiKRCsV68MVU3qqBc6IoNe9lpTgqojHxLNR+AIcPugWQRB7Z2/Ep3cbCLQQkUlkqWKaONtDdwixjYM4HIo9Kih8+QkQd7TQ/GhZODfaN6V8zzK+dDNejswIDAQABozgwNjA0BgNVHREELTArghNzbW9sbmFyLU1CUDE2LmxvY2Fsgglsb2NhbGhvc3SCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQUFAAOCAQEAebpUaoqmPv+TFA6LUf/6zfNemn0g0gIAqw0IJUokCEcKD8Hc281cwEfuIGn3mqbtaov1MRZm2Xf57dbCdq63Og2DxU/0U9E2nHGY7q7AvsFCg9rAFNjqjViH0i1Qbl3VAUZdAt OKT6ywh5cSi2oWRxg2RxGnauTm21rk4Q9+bzUdpRKngDAA5Hjs24Msh9TaZmVCJyPh1DX6fAhgj3QOQhyNNEdH+X42PEG4TOYIsQK7MtVl6UfZzK5hd3NPymXiS+FhCrKbcWBT3vx4L6kpzkrcupF1BTEe4g5nX0nNK3SgXhQ7j2r7QSNQpqlzPYW49uKti8hlE718k4+bAEqgkQ==","token_type":"Bearer","expires_in":1661283224552 ``` **5. No cookie passed (expecting a JWT/Passcode token just like before my changes)** ``` curl -iku : -X GET https://localhost:8443/gateway/tokenexchange/knoxtoken/api/v1/token HTTP/1.1 401 Unauthorized Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html;charset=iso-8859-1 Content-Length: 443 <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> <title>Error 401 Unauthorized</title> </head> <body><h2>HTTP ERROR 401 Unauthorized</h2> <table> <tr><th>URI:</th><td>/gateway/tokenexchange/knoxtoken/api/v1/token</td></tr> <tr><th>STATUS:</th><td>401</td></tr> <tr><th>MESSAGE:</th><td>Unauthorized</td></tr> <tr><th>SERVLET:</th><td>tokenexchange-knox-gateway-servlet</td></tr> </table> </body> </html> ``` **6. Passing the JWT token without cookies** ``` curl -iku Token:eyJqa3UiOiJodHRwczpcL1wvbG9jYWxob3N0Ojg0NDNcL2dhdGV3YXlcL3Rva2VuZXhjaGFuZ2VcL2tub3h0b2tlblwvYXBpXC92MVwvandrcy5qc29uIiwia2lkIjoidENnTFdVWW1WdDJacHlYSzVyVHRwOFg1S056Nk4zWGJfOU82VHRPeWlEdyIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJhZG1pbiIsImprdSI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6ODQ0M1wvZ2F0ZXdheVwvdG9rZW5leGNoYW5nZVwva25veHRva2VuXC9hcGlcL3YxXC9qd2tzLmpzb24iLCJraWQiOiJ0Q2dMV1VZbVZ0MlpweVhLNXJUdHA4WDVLTno2TjNYYl85TzZUdE95aUR3IiwiaXNzIjoiS05PWFNTTyIsImV4cCI6MTY2MTI4MzIyNCwibWFuYWdlZC50b2tlbiI6ImZhbHNlIiwia25veC5pZCI6IjA4N2VmZGNjLTVhOWMtNDJjZC1hMDY1LWMwZGM1MmQ4MGQ4MSJ9.IkUPTxbjwnJpnt2Vo7t7ZfhiyX_5Edag5vtVnYrHPiuqcTgoIkLVp-eQI9IB-tS3Zh9FFpfH-qZ_0wupiWW7f-7m2zZApidF4KyFI_--W4gvGXJnFeLeDtR7YNSHtQEbJmqJFPJn1TD6YRmK_Z7hCT1LJm84x8QYwo1FsaXkk3XVgNlo6SpPiyvZjlYHQAHMaeFPHyAuWedinZjCMHr8dYp5Ck-wWPmmsPyIHC9jMKhVyLRiaYRVYg8Tl4LCXzCSFucWVHoR7ydtjrypV3-5HIdn7VU0HUEpE5UKiozhQx0IG6KYiYECq-xJ6F45oJlhx03SrZBlRI-zLO76UiMlNQ -X GET https://localhost:8443/gateway/tokenexchange/knoxtoken/api/v1/token HTTP/1.1 200 OK Date: Tue, 23 Aug 2022 09:38:24 GMT Content-Type: application/json Content-Length: 2253 {"access_token":"eyJqa3UiOiJodHRwczpcL1wvbG9jYWxob3N0Ojg0NDNcL2dhdGV3YXlcL3Rva2VuZXhjaGFuZ2VcL2tub3h0b2tlblwvYXBpXC92MVwvandrcy5qc29uIiwia2lkIjoidENnTFdVWW1WdDJacHlYSzVyVHRwOFg1S056Nk4zWGJfOU82VHRPeWlEdyIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJhZG1pbiIsImprdSI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6ODQ0M1wvZ2F0ZXdheVwvdG9rZW5leGNoYW5nZVwva25veHRva2VuXC9hcGlcL3YxXC9qd2tzLmpzb24iLCJraWQiOiJ0Q2dMV1VZbVZ0MlpweVhLNXJUdHA4WDVLTno2TjNYYl85TzZUdE95aUR3IiwiaXNzIjoiS05PWFNTTyIsImV4cCI6MTY2MTI4MzUwNCwibWFuYWdlZC50b2tlbiI6ImZhbHNlIiwia25veC5pZCI6IjA0Y2UzNzMyLTVmMWEtNDM3ZS05ZGE3LTQwMWE2NzViMTNiZiJ9.YHKpW5CXaxiZWA2vmlHeGGn6hvbiOnVepTb0CTbeB2xWAOwh9_HyRIL2dvKj-UMVIvjsuaE2zUohC77sqZYRGKNpHupC5ctp8ig8sTxabDlZlGe4rzxu7kBYmMIme0SUnm0iU3pHMhSMXUd9Z8_hLw5NCiYfoY75gEtwoCYRDb4eYI6V_6i_Z1WSm8M4J2-R5KxS5J8mgCbh7lnwMe8gWS2zIbRjb0nh4YFlVQkkMXcUGJwHpREEPeZtsQ2-JdvMeMFyc6DFEp4d36TkmpQk-BwbHCHVuAFJZ0fNEpRy4iBuKPrlnsPOpihphxPqf3GLsL-_WbSNhtPl7DIHTnDbRQ","token_id":"04ce3732-5f1a-437e-9da7-401a675b13bf","managed":"false","endpoint _public_cert":"MIIDeDCCAmCgAwIBAgIIOD6cdHBctFAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFRlc3QxDTALBgNVBAcTBFRlc3QxDzANBgNVBAoTBkhhZG9vcDENMAsGA1UECxMEVGVzdDESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTIyMDgyMzA5MjYwOFoXDTIzMDgyMzA5MjYwOFowXzELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFRlc3QxDTALBgNVBAcTBFRlc3QxDzANBgNVBAoTBkhhZG9vcDENMAsGA1UECxMEVGVzdDESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVGicpMnDjNlOgpmi8UM9eNlwiiECSLWbYXl7qEfZPknNb2KznOFJOopbiifqStw6AvEWCujCE4+0EBQlK+x7Q9/9v3/uUvrfTcNASw7OybAnGQXSJtCMJEAaxN8YHu9SxVh2XgdmpX+ZOpue4Ow6F2e+MW0uDD+gLFv/uBuoe96FBvtc7KGfH0OnXoNgKHK2bJfhpeV9W1E0SViVdmH0WcGUghfiA29aiKRCsV68MVU3qqBc6IoNe9lpTgqojHxLNR+AIcPugWQRB7Z2/Ep3cbCLQQkUlkqWKaONtDdwixjYM4HIo9Kih8+QkQd7TQ/GhZODfaN6V8zzK+dDNejswIDAQABozgwNjA0BgNVHREELTArghNzbW9sbmFyLU1CUDE2LmxvY2Fsgglsb2NhbGhvc3SCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQUFAAOCAQEAebpUaoqmPv+TFA6LUf/6zfNemn0g0gIAqw0IJUokCEcKD8Hc281cwEfuIGn3mqbtaov1MRZm2Xf57dbCdq63Og2DxU/0U9E2nHGY7q7AvsFCg9rAFNjqjViH0i1Qbl3VAUZdAt OKT6ywh5cSi2oWRxg2RxGnauTm21rk4Q9+bzUdpRKngDAA5Hjs24Msh9TaZmVCJyPh1DX6fAhgj3QOQhyNNEdH+X42PEG4TOYIsQK7MtVl6UfZzK5hd3NPymXiS+FhCrKbcWBT3vx4L6kpzkrcupF1BTEe4g5nX0nNK3SgXhQ7j2r7QSNQpqlzPYW49uKti8hlE718k4+bAEqgkQ==","token_type":"Bearer","expires_in":1661283504536} ``` **7. Passing the Passcode token without cookies** ``` curl -iku Passcode:TldVeVpUTTFPRFl0WlRrd01DMDBNV0U1TFRrd01UUXRNR00wT1RCaU16RmlOemxrOjpOakk1Wm1KbVlUUXRZakprT0MwME1qQTBMVGxsT1RjdFl6bG1NakJoWTJSbU1ERTM= -X GET https://localhost:8443/gateway/tokenexchange/knoxtoken/api/v1/token HTTP/1.1 200 OK Date: Tue, 23 Aug 2022 09:46:56 GMT Content-Type: application/json Content-Length: 2253 {"access_token":"eyJqa3UiOiJodHRwczpcL1wvbG9jYWxob3N0Ojg0NDNcL2dhdGV3YXlcL3Rva2VuZXhjaGFuZ2VcL2tub3h0b2tlblwvYXBpXC92MVwvandrcy5qc29uIiwia2lkIjoidENnTFdVWW1WdDJacHlYSzVyVHRwOFg1S056Nk4zWGJfOU82VHRPeWlEdyIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJhZG1pbiIsImprdSI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6ODQ0M1wvZ2F0ZXdheVwvdG9rZW5leGNoYW5nZVwva25veHRva2VuXC9hcGlcL3YxXC9qd2tzLmpzb24iLCJraWQiOiJ0Q2dMV1VZbVZ0MlpweVhLNXJUdHA4WDVLTno2TjNYYl85TzZUdE95aUR3IiwiaXNzIjoiS05PWFNTTyIsImV4cCI6MTY2MTI4NDAxNiwibWFuYWdlZC50b2tlbiI6ImZhbHNlIiwia25veC5pZCI6ImQ1YTk0Njg0LTM5NTctNGNiOC05MjZiLTRkZDE4ZGZiNDQ0OCJ9.Z1XV_mEQgWmN0xIcyS5Pru04YloCsqCHP3BDUcU1W_GxV87TLmmrSqZaJf3bx7DFMWPYbZp-OVBlkGQoyUZiQ_77KfJIN5cGbAKtKrmTNIuKPt1fG7YO4ZcWbIV6d8k7pZAZkogIw-N5BZSQifLCnKuFVScI1l-X1wQxETOt98fdsQH32AMfTRB4mnTy5iHEUcCMhfE43vuDM2bZk4v3TksSQ720Tjo7d72BlkKFRRmfD7Z4spVvnJrcPd4mZW-dX3cd4z3qjmt4jsO9cuw3NPJRPTz-pshVwEw5uWfpjOlMGG9X3npat_2qffQhsrxl-g4HZFuKkjemxbDkD1_9lQ","token_id":"d5a94684-3957-4cb8-926b-4dd18dfb4448","managed":"false","endpoint _public_cert":"MIIDeDCCAmCgAwIBAgIIOD6cdHBctFAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFRlc3QxDTALBgNVBAcTBFRlc3QxDzANBgNVBAoTBkhhZG9vcDENMAsGA1UECxMEVGVzdDESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTIyMDgyMzA5MjYwOFoXDTIzMDgyMzA5MjYwOFowXzELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFRlc3QxDTALBgNVBAcTBFRlc3QxDzANBgNVBAoTBkhhZG9vcDENMAsGA1UECxMEVGVzdDESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVGicpMnDjNlOgpmi8UM9eNlwiiECSLWbYXl7qEfZPknNb2KznOFJOopbiifqStw6AvEWCujCE4+0EBQlK+x7Q9/9v3/uUvrfTcNASw7OybAnGQXSJtCMJEAaxN8YHu9SxVh2XgdmpX+ZOpue4Ow6F2e+MW0uDD+gLFv/uBuoe96FBvtc7KGfH0OnXoNgKHK2bJfhpeV9W1E0SViVdmH0WcGUghfiA29aiKRCsV68MVU3qqBc6IoNe9lpTgqojHxLNR+AIcPugWQRB7Z2/Ep3cbCLQQkUlkqWKaONtDdwixjYM4HIo9Kih8+QkQd7TQ/GhZODfaN6V8zzK+dDNejswIDAQABozgwNjA0BgNVHREELTArghNzbW9sbmFyLU1CUDE2LmxvY2Fsgglsb2NhbGhvc3SCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQUFAAOCAQEAebpUaoqmPv+TFA6LUf/6zfNemn0g0gIAqw0IJUokCEcKD8Hc281cwEfuIGn3mqbtaov1MRZm2Xf57dbCdq63Og2DxU/0U9E2nHGY7q7AvsFCg9rAFNjqjViH0i1Qbl3VAUZdAt OKT6ywh5cSi2oWRxg2RxGnauTm21rk4Q9+bzUdpRKngDAA5Hjs24Msh9TaZmVCJyPh1DX6fAhgj3QOQhyNNEdH+X42PEG4TOYIsQK7MtVl6UfZzK5hd3NPymXiS+FhCrKbcWBT3vx4L6kpzkrcupF1BTEe4g5nX0nNK3SgXhQ7j2r7QSNQpqlzPYW49uKti8hlE718k4+bAEqgkQ==","token_type":"Bearer","expires_in":1661284016951} ``` **8. Passing an invalid cookie and a valid Passcode** ``` curl -iku Passcode:TldVeVpUTTFPRFl0WlRrd01DMDBNV0U1TFRrd01UUXRNR00wT1RCaU16RmlOemxrOjpOakk1Wm1KbVlUUXRZakprT0MwME1qQTBMVGxsT1RjdFl6bG1NakJoWTJSbU1ERTM= --cookie "customCookieName=eyJraWQiOiJ0Q2dMV1VZbVZ0MlpweVhLNXJUdHA4WDVLTno2TjNYYl85TzZUdE95aUR3IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJhZG1pbiIsImtpZCI6InRDZ0xXVVltVnQyWnB5WEs1clR0cDhYNUtOejZOM1hiXzlPNlR0T3lpRHciLCJpc3MiOiJLTk9YU1NPIiwiZXhwIjoxNjYxMzMzMjA3LCJtYW5hZ2VkLnRva2VuIjoiZmFsc2UiLCJrbm94LmlkIjoiMTFjMDIyNWMtNTU5Zi00MTE2LWE3M2ItYjhhM2JmZGIwODA1In0.E1qoRKx50g6czHwGh3UVwqqNGpQS3sWckJAEAFQuqmC8LQG2ocrRx3NXgcyvlqjMpeRBMLYMflsUA_b_6lG9adHld-Dy_fhAKknNuZR82nj8jNkrFPPf55C6Uc3NshjK-N_yp_1NSEjN6HKI7UKMJX5oL3xDCYAhQhjFQga3EXDPdh1Rvo7RY0s-em3KHH-gT4UCdS_WT7u5mC2BKXI3o4a8yoAV0iFaIvdO4FPWxyIe4A_r9Vt0EiZezga3hvr8HPR3LRBWGpaW-4J-0KUTb2SsB6vXSuBTKxXns3jA2W8MDzb4cMm4LmIaaBt3H7npk7x-hljzNKhZdSFjb83z9" -X GET https://localhost:8443/gateway/tokenexchange/knoxtoken/api/v1/token HTTP/1.1 401 Unauthorized Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html;charset=iso-8859-1 Content-Length: 497 <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> <title>Error 401 There is no valid cookie found</title> </head> <body><h2>HTTP ERROR 401 There is no valid cookie found</h2> <table> <tr><th>URI:</th><td>/gateway/tokenexchange/knoxtoken/api/v1/token</td></tr> <tr><th>STATUS:</th><td>401</td></tr> <tr><th>MESSAGE:</th><td>There is no valid cookie found</td></tr> <tr><th>SERVLET:</th><td>tokenexchange-knox-gateway-servlet</td></tr> </table> </body> </html> ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
